Vulnerability in Froxlor

CVE-2026-30932

Froxlor is open source server administration software. Prior to version 2.3.5, the DomainZones.add API endpoint (accessible to customers with DNS enabled) does not validate the content field for several DNS record types (LOC, RP, SSHFP, TL…

EPSS: 0.000 (7.5th percentile) — read the EPSS interpretation.

Affected products

Froxlor — versions < 2.3.5

Weakness classification (CWE)

CWE-74 — Improper Neutralization of Special Elements in Output Used by a Downstream Component (Injection)

References

https://github.com/froxlor/froxlor/security/advisories/GHSA-x6w6-2xwp-3jh6 (x_refsource_CONFIRM)
https://github.com/froxlor/froxlor/commit/b34829262dc32818b37f6a1eabb426d0b277a86b (x_refsource_MISC)
https://github.com/froxlor/froxlor/releases/tag/2.3.5 (x_refsource_MISC)